How to download ca certificate chain

It might happen that some machine has missing CA chain certificates and you get error

OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
 Unable to establish SSL connection.

If accessing the specific URL in browser works without warning then you can export and download CA certificate chain

In Firefox right-click > View Page Info > Security > View Certificate > Details . There you see Certificate hierarchy and can export each certificate in chain individually.  Depending on OS you need to add these certificate in PEM format ti /etc/pki/tls/cert.pem or similar.

See more useful tricks about SSL here.

Leave a Reply

Your email address will not be published.